[00:03.480 --> 00:08.500]  All right, good morning, afternoon, evening, whatever time it is when you get around to
[00:08.500 --> 00:15.200]  watching this. I'm pretty excited to be participating for the first time in DEF CON.
[00:15.200 --> 00:20.420]  I really wish, obviously, I could be there in person. It would be far easier to present this
[00:20.420 --> 00:26.420]  if I was able to see people face-to-face and you would see, you know, my passion and excitement.
[00:26.420 --> 00:32.080]  I'm sure you might not hear it in my voice, but this is a project that I have been working on for
[00:33.480 --> 00:40.980]  about the beginning of the year, maybe even into last year, and that is DragonOS Focal.
[00:41.440 --> 00:47.460]  Like I said, my name is Aaron. This is DEF CON 2020 Safe Mode. So we'll go down through here.
[00:47.460 --> 00:52.260]  I've got some just a few slides and then we'll go right into just kind of showing you what
[00:52.260 --> 01:00.980]  DragonOS is. Background on it, I, you know, personally was working on some tools right prior
[01:00.980 --> 01:11.820]  to COVID-19 to try to aid in teaching software-defined radios, SDRs. So, you know, I had
[01:11.820 --> 01:21.200]  kind of that going for me. And then a couple projects way back 2008, 2009 or so, I built
[01:21.200 --> 01:29.160]  everything that was AWD Mesh. Some of you may be familiar with OpenMesh back then when they had the
[01:29.160 --> 01:35.780]  OM1P. So I was kind of on my own using some open source and the router station, everyone probably
[01:35.780 --> 01:41.680]  had one at one point or another, and built OpenMesh with a few other people there, sold the stuff
[01:42.460 --> 01:49.400]  all over the world, dual radio mesh equipment. So, and then about that same time, I was pretty
[01:49.400 --> 01:53.440]  active in the ZoneMinder forums for some reason or another. And I just noticed that people have
[01:54.440 --> 02:01.980]  a lot of problems with compiling things and building ZoneMinder from source. So I thought,
[02:01.980 --> 02:07.480]  well, why not use Remastersys and help people out and get it all pre-built and working. So
[02:08.380 --> 02:13.920]  kind of take those two things, and it got me thinking about doing another distribution.
[02:13.920 --> 02:20.960]  And then, of course, COVID-19 hit really big and, you know, a lot of people stuck at home.
[02:20.960 --> 02:28.220]  So I thought, well, why not take my little project, take it to the next level, get it out there,
[02:28.220 --> 02:34.860]  you know, to the public so people could install, have something fairly new in terms of software,
[02:35.380 --> 02:40.580]  free, and get into software-defined radios while they were stuck at home.
[02:41.020 --> 02:49.060]  Put that, you know, out to the public. A lot of people were interested in it. RTLSDR.com and
[02:49.060 --> 02:53.500]  Hackaday did, you know, a few articles here. I just copied and pasted one article
[02:54.020 --> 03:00.380]  that you can see was dated back March 24, 2020. Talks a little bit about the project. So,
[03:00.380 --> 03:04.920]  you know, if you look online, you'll find a lot more articles. But the progress I've made,
[03:04.920 --> 03:10.480]  I started with Debian Buster, just called it DragonOS X. That was...
[03:12.400 --> 03:17.600]  Actually, Debian is probably my favorite. Had a lot of tools in there. You can find that on
[03:18.140 --> 03:23.460]  SourceForge. I just got to a point where I wanted to be able to support disk encryption and UEFI.
[03:23.460 --> 03:31.740]  So I moved on to Lubuntu 18.04, called that DragonOS LTS. That was... the bulk of my time was spent
[03:31.740 --> 03:37.500]  making that. I think I've made the most videos on that. And I guess I should point out, too,
[03:37.500 --> 03:43.600]  I tried to keep all distributions, even though, you know, went from Debian to Lubuntu. I tried to
[03:43.600 --> 03:50.100]  keep as close as possible I could with the tools and applications that were installed. So,
[03:50.100 --> 03:57.320]  you know, for the most part, any of the videos, you know, I label should apply to any of the
[03:57.320 --> 04:05.300]  builds, hopefully. Well, anyways, so now I'm on to Lubuntu 20.04. And I just called that DragonOS
[04:05.300 --> 04:14.580]  Focal. So yeah, the goal I spend, I don't even know how many hours, all these, you know,
[04:14.580 --> 04:22.540]  countless amount of hours pre-installing anything I could possibly find that would be of interest
[04:22.540 --> 04:28.420]  to people that are into software-defined radios. That could be from repositories,
[04:28.420 --> 04:33.800]  dev packages, you know, source, so on and so forth. And I try to combine it all and spend
[04:34.390 --> 04:42.320]  and just be meticulous about everything working together. So, you know, from remastering it to
[04:42.320 --> 04:49.320]  installing it, to testing the whole installation, to checking every possible software-defined radio
[04:49.320 --> 04:56.560]  I can with it, or at least that I've owned or have been donated. You know, I have B205 here,
[04:56.560 --> 05:05.820]  USRP radio, RTL-SDR, bladeRF, some SDRplay equipment. The SDRplay people were
[05:05.820 --> 05:13.900]  extremely helpful in sending me some equipment out. That's been really awesome. Ubertooth from
[05:14.480 --> 05:19.300]  Hacker Warehouse, they were really nice, sent some equipment out. And then as I kind of go
[05:19.300 --> 05:25.400]  through, I'll point out, I'll say thanks to a lot of people that have helped just with input
[05:25.400 --> 05:32.120]  and kind of behind-the-scenes discussion on what software is out there and what to include.
[05:32.460 --> 05:36.920]  All right, so let's get out of the slides here. And, you know, I try to do everything
[05:37.460 --> 05:43.640]  within DragonOS, which is running right now, my latest build, which I was going to put out
[05:43.640 --> 05:50.580]  in conjunction with this. I just kept it still a beta build, DragonOS Focal Public Beta 3.
[05:51.240 --> 05:58.100]  That's what's running this right now. I have to admit, I was not familiar with OBS and making
[05:58.100 --> 06:03.880]  videos like this, so hopefully it comes out okay. So we'll get down off the slides here.
[06:03.900 --> 06:08.220]  This is DragonOS. I know it doesn't look like much. You're just looking at the desktop here,
[06:08.220 --> 06:15.140]  but this is running live from a USB stick. I've made it as easy as I can. You can see there's a
[06:15.140 --> 06:23.260]  little icon on the desktop. I've actually already ran through the installer, but I will show how
[06:23.260 --> 06:32.040]  easy it is to get it to install. You'll just come through here, answer a few questions. I'll just
[06:32.040 --> 06:36.920]  uncheck this for now, just so that it's not hanging here and you all are staring at this
[06:36.920 --> 06:47.880]  screen while it's loading. I'm not going to make this video over again, but just trust me, I've
[06:48.560 --> 06:54.340]  already ran through the installer and it finished. Normally you would reboot.
[06:55.440 --> 07:05.680]  That's why you see that error pop up there. Anyways, I'll just let that run in the background.
[07:05.680 --> 07:13.840]  That was kind of to show you how easy it is to install. Lesson learned. Don't run it twice
[07:13.840 --> 07:19.820]  within the same as it's running live, but it's kind of hard. I have everything set up to make
[07:19.820 --> 07:25.460]  this video. One of the big things, I'll just go right down the list I wanted to demonstrate here,
[07:25.460 --> 07:31.560]  so you can get an understanding of why is this any different than any other distribution.
[07:31.560 --> 07:38.340]  You got Kali out there for your offensive security or pen testing. I just tried to make
[07:38.340 --> 07:45.100]  this distribution all about software-defined radios. So, base Lubuntu system with everything
[07:45.100 --> 07:50.020]  installed on top of it. One point right out at the front, I've actually got it running here.
[07:50.020 --> 07:56.040]  SigDigger that I've put in here, built from source. I find this program really great. The
[07:56.040 --> 08:03.080]  super awesome. I know he was trying to help me out to have a TV decoder, I guess you'd say,
[08:03.080 --> 08:09.360]  with sync and everything ready for this. But I think you all will see that here in the real
[08:09.360 --> 08:16.200]  near future. So, keep an eye on that. But what I'll show you is SigDigger running using the
[08:18.900 --> 08:24.520]  B205 mini that I have here. And if you happen to have, so I have a five gigahertz antenna on it.
[08:24.520 --> 08:34.040]  I've got a five gigahertz FPV cam sitting here. So, if you open up your sample rate and your
[08:34.040 --> 08:42.620]  bandwidth, you should be able to do what I'm doing here. Which is, we'll look at this in the
[08:42.620 --> 08:53.260]  spectrum. I've got my window open as far as I can here. I've got an inspection tab open here. And
[08:53.260 --> 08:59.740]  I've got an FSK inspector. So, that's another thing. When I make these videos, I try to go
[08:59.740 --> 09:09.100]  through and get people interested in what these different acronyms, FSK means. I don't explain
[09:09.100 --> 09:14.940]  everything, but I hope I generate enough interest where people will go out and do some more research.
[09:15.020 --> 09:22.380]  So, I've opened up the FSK inspector here. And you'll see where I've paused before,
[09:22.380 --> 09:26.200]  the video, so you know what's coming here.
[09:28.160 --> 09:39.460]  Let's just open this up the whole way here. Actually, let's close out of this. We'll open
[09:39.460 --> 09:46.780]  another inspector. You would bump up your bits per tone and start the clock recovery.
[09:47.240 --> 09:54.700]  I come up here, I left click and drag and open this aperture up here, release,
[09:54.700 --> 10:01.800]  uncheck fit the window and click record. And come down to about the, let's see, 550 or so.
[10:01.800 --> 10:08.440]  And you should see where I left off here. And this is live. This is capturing this live. I had hoped
[10:08.440 --> 10:17.040]  to literally just record the whole video like this, but not, you know, in such a way to give
[10:17.040 --> 10:26.720]  everyone a seizure or something. So that's, I felt that that was a really unique, very powerful
[10:27.320 --> 10:32.700]  signal analysis tool. And that just shows you that that's literally out of the box. It's running
[10:33.240 --> 10:39.640]  live. You don't have to use a B205. I've actually did this with a HackRF.
[10:41.160 --> 10:44.860]  So yeah, you know, as long as you can get in the five gigahertz range,
[10:44.860 --> 10:48.560]  you should be, you should be fine. I'm sure I could probably do it with the,
[10:48.560 --> 10:55.580]  some of the bladeRFs that go up that far. This is a bladeRF Micro xA4, I think it is.
[10:57.740 --> 11:04.120]  So yeah, that just shows you that's really not the primary feature of this or of that window,
[11:04.120 --> 11:09.600]  that symbol stream window. It just happens to, to be able to do that. So I'm sure if you pause,
[11:09.600 --> 11:18.460]  you'll, you'll see me and yeah. So let's see. Anyways, I'm going to close out of this.
[11:19.720 --> 11:24.860]  I'm going to change out a couple of things here. What I want to show is we'll open up a few
[11:24.860 --> 11:31.460]  terminal windows here. I'll do this as quick as I can here. This is just to show you something else
[11:31.460 --> 11:41.380]  that is on here and running out of the box. I grab a few cellular antennas here.
[11:44.640 --> 11:51.960]  And I'm sure a lot of you are familiar with srsLTE. I had a big interest in
[11:54.560 --> 12:03.360]  getting LTE and GSM actually, as well, running out of the box. I know there's a lot of interest
[12:03.360 --> 12:13.000]  in that. Obviously, you got to have shielding and stuff when you're transmitting any of this.
[12:13.000 --> 12:20.920]  So I just recommend be careful when you're doing any of what I'm showing here. But
[12:22.440 --> 12:24.680]  let me see SRS.
[12:26.260 --> 12:29.920]  So this just shows you how fast we can get up and running.
[12:31.000 --> 12:39.520]  We'd want to start our core networking, our EPC here. See, we can bring that online.
[12:42.100 --> 12:44.380]  And we would do our
[12:45.800 --> 12:56.480]  eNB. And for this, I found that
[13:00.580 --> 13:07.220]  it will use the Ettus by default.
[13:08.960 --> 13:14.680]  But these two commands start at the core network and then starting up your eNB.
[13:14.680 --> 13:24.920]  And that failure you see there, that's Soapy for SDRplay. What I have done is,
[13:24.920 --> 13:28.440]  when you run the installer, that's another thing I guess that makes this unique, but
[13:28.440 --> 13:35.240]  you run the installer and then you reboot. You're going to be presented with a little
[13:35.240 --> 13:42.960]  pop-up that will prompt you to install the SDRplay. So that'll happen. Your
[13:43.440 --> 13:48.360]  user will be added to Kismet. So everything just kind of works out of the box. I know I keep saying
[13:48.360 --> 13:57.520]  that. So these two commands here, I'd have to, you know, of course this happens right when I do the
[13:58.240 --> 14:08.480]  presentation, but let's see. With those two there, you can be up and broadcasting your
[14:14.360 --> 14:22.980]  base station, basically. If you had a second laptop and another Ettus or bladeRF, which I have
[14:22.980 --> 14:30.100]  demonstrated in some of the YouTube videos, you can use a virtual handset through that radio to
[14:30.100 --> 14:37.600]  connect. So yeah, that's how easy that is. That's all, you know, pre-configured and working. You
[14:37.600 --> 14:45.340]  can do the same in my latest build with GSM now. So I'm sure a lot of you are probably familiar with
[14:47.780 --> 14:58.180]  Osmocom here. I've got the HLR, the BTS, the BSC, and the transmitting all in here. So
[14:59.040 --> 15:07.080]  you should be able to get a GSM base station up and working pretty quick. If you have a
[15:09.220 --> 15:13.300]  Ettus, so if we start up our
[15:21.400 --> 15:26.290]  BSC and we start up our...
[16:01.960 --> 16:10.180]  and then if I start up my might be a
[16:20.570 --> 16:27.710]  and that's it. And so
[16:33.330 --> 16:35.670]  now you see, now we've got our
[16:37.830 --> 16:45.570]  base station online. I know there's an error here, but
[16:47.190 --> 17:08.610]  let's see. All right, there we go. So you can, this is actually something I'll address
[17:08.610 --> 17:14.570]  in the next build, but that's actually a pretty common thing and explained on Ettus how to
[17:14.570 --> 17:29.770]  get around setting the thread priority. All right, so there's three things right out of the box.
[17:30.690 --> 17:40.230]  Way to decode 5 GHz video, the LTE network, GSM network.
[17:41.810 --> 17:52.650]  Something else that I do is I keep everything that I install from source or not a packaged
[17:52.650 --> 18:00.090]  installation, I keep it all here in the actual build when you finish installing it so that you
[18:00.090 --> 18:06.830]  have all of the source that you need to make any changes or uninstall anything that
[18:07.570 --> 18:15.410]  you may want to, you may want to remove. Let's see, I'll show another example here. So
[18:15.410 --> 18:23.290]  GNU Radio 3.8 is in here. If we take a look at, let's just take a look at
[18:24.210 --> 18:32.010]  gr-rds, you'll see right there you got ADS-B, DECT2, and I've checked all of this. GSM
[18:32.730 --> 18:39.670]  in GNU Radio 3.8 works perfectly fine with the IMSI capture script. You got Iridium there,
[18:40.490 --> 18:45.970]  not super familiar with satellites, but I've included that. gr-tempest, I checked that
[18:45.970 --> 18:51.410]  and actually got that working with some SDRplay equipment and was able to view a monitor
[18:52.130 --> 18:57.370]  without having to use the TempestSDR which I know a lot of people use. So
[18:58.190 --> 19:05.710]  if you want to get into GNU Radio, which I recommend, you can take a look at
[19:08.050 --> 19:10.930]  one of the examples here, a real easy one.
[19:15.600 --> 19:22.320]  And again, I really feel like a benefit of this distribution is you can run it live if you don't
[19:22.320 --> 19:29.520]  want to install it. There may be some things that may have some issues running live, but for
[19:29.520 --> 19:37.780]  the most part it works pretty well. So this is GNU Radio, I'm sure a lot of people are familiar
[19:37.780 --> 20:05.250]  with this. So again, right out of the box. You got your RDS on there, you've got your gain settings.
[20:07.330 --> 20:14.430]  So I have tried to go, or I have went through every application you can possibly
[20:15.250 --> 20:21.350]  think of on here. SDRTrunk, Airband, Retrogram,
[20:22.810 --> 20:30.830]  everything. I have spent a lot of time making this work. So I know I said that
[20:32.410 --> 20:36.750]  I'd thank some people here. I'm trying to think what else can I open up and show before we
[20:36.750 --> 20:43.490]  or before I close this out. Just run down the list here. You see under
[20:46.970 --> 20:54.630]  internet you got GQRX, SDRangel. I just recently built SDRangel with
[20:54.630 --> 21:05.050]  Soapy support. So now I can't not show SDRplay equipment
[21:06.040 --> 21:17.830]  in this video considering how much help that they have given. So this is a RSP1 Alpha and SDRangel.
[21:25.790 --> 21:37.570]  Let's see here. So now we can use our SDRplay equipment. Let's see.
[21:44.720 --> 21:51.120]  Actually, you know what, since we're running live I'm going to fix this real quick.
[21:53.180 --> 21:57.960]  See there's always something because I haven't
[22:02.040 --> 22:07.060]  because I haven't installed and rebooted. My script didn't take place. So I just
[22:07.670 --> 22:12.710]  when you're running live you would have to actually install the API.
[22:13.300 --> 22:21.400]  So now we should be able to come back here open up our SDRangel.
[22:30.040 --> 22:49.630]  So now, fingers crossed, we have our RSP1 Alpha. You can add a, well anything. You can do DMR,
[22:49.630 --> 22:57.970]  DSD, demodulators, DATV, all sorts of options here.
[23:46.470 --> 23:52.110]  See, doesn't that get awkward when you're doing something live and then it doesn't work like you expect?
[24:16.480 --> 24:20.120]  Okay, threw me off there a second.
[24:24.920 --> 24:31.880]  So that's SDRplay equipment in SDRangel now.
[24:46.540 --> 24:57.100]  There we go. Okay, so you gotta obviously adjust the gain correctly there. So that's SDRangel.
[24:57.120 --> 25:06.620]  Same thing if you come down the list here. We've got CubicSDR, CubicSDR with SDRplay support,
[25:06.620 --> 25:13.100]  QSpectrumAnalyzer, really good to use with the HackRF. If you want to do some replay, capture
[25:13.100 --> 25:22.000]  and replay attacks, you got Universal Radio Hacker. That also, yeah, actually I should have
[25:22.000 --> 25:39.060]  put SDRplay support next to there, which I believe, I believe it, no, actually that does not have
[25:39.780 --> 25:47.360]  SDRplay support yet. They're still, that's still being worked on. Let's see, what else?
[25:48.100 --> 26:00.280]  We've got Spike, which is the gentleman by the name of Rick, who suggested I do this video,
[26:01.420 --> 26:10.760]  is a big fan of that equipment, that program. Let's see, what else? And then really anything
[26:10.760 --> 26:17.100]  else that's sitting in the, that is not installed with a nice easy to click
[26:18.500 --> 26:26.760]  GUI, you can run from here and you can kind of get an idea there. So Sparrow Wi-Fi,
[26:26.760 --> 26:32.500]  matter of fact, I know a lot of people are familiar with Kismet.
[26:34.480 --> 26:38.160]  I suggest taking a look at Sparrow Wi-Fi too.
[26:39.960 --> 26:44.900]  They've got some nice integration there with the HackRF and Ubertooth.
[26:55.580 --> 27:02.600]  I don't actually have my HackRF right now, but what you can do with Sparrow Wi-Fi is overlay the
[27:02.600 --> 27:10.240]  2.4 gigahertz and 5 gigahertz spectrum over top of your wireless NIC card that would run up in
[27:10.240 --> 27:17.180]  the top here. And of course do similar to Kismet, but really not do the full packet capture and,
[27:17.180 --> 27:25.620]  you'd see the access points. And so not to give away, you know, all my access points here,
[27:25.620 --> 27:31.900]  I'll just kind of show you the spectrum analyzer with the Ubertooth that's plugged in here.
[27:32.440 --> 27:37.260]  So thank you to Hacker Warehouse for that, to let me check that.
[27:41.960 --> 27:54.200]  All right, let's see. So I think that's enough kind of programs. I hit on a lot of the big stuff
[27:54.200 --> 28:03.440]  and I would encourage anyone to take a look at the YouTube page that I have here.
[28:29.870 --> 28:38.010]  So I would say, I would encourage anyone to, that wants to know more, take a look at my
[28:38.010 --> 28:47.470]  YouTube page here, cemaxecuter. You can come down through all the videos that I've put on here.
[28:47.930 --> 28:54.770]  I don't know, I think there's about maybe 60 or so, over all sorts of various different topics,
[28:55.150 --> 28:59.410]  from showing the installation, to doing capture and replay,
[28:59.810 --> 29:10.170]  using the KerberosSDR for direction finding, proof of concept on smart cell phone jamming,
[29:11.250 --> 29:22.910]  signal analysis, spy server, everything you could think of, I've tried to cover here and educate.
[29:23.550 --> 29:31.290]  All right, I think that about wraps it up. If you need to find the project, you can just Google
[29:31.290 --> 29:39.210]  DragonOS, you can do Focal if you want, that's the latest. You know, come find it on SourceForge,
[29:39.210 --> 29:45.650]  you got your files and you get your latest there. So yeah, I appreciate everyone
[29:46.990 --> 29:52.290]  kind of listening up to this point and just want to say, you know, thank you to
[29:52.990 --> 29:58.050]  developer of, you know, SigDigger, the SDRplay equipment, Hacker Warehouse.
[29:59.170 --> 30:03.530]  You know, I'm drawing a blank right now, but there's been so many,
[30:03.530 --> 30:08.090]  oh wow, everyone on YouTube that has provided suggestions or emailed me kind of behind the
[30:08.090 --> 30:18.810]  scenes. I appreciate it. I hope that this has been helpful during COVID-19. I know a lot of people
[30:18.810 --> 30:26.050]  have been stuck at home, so I just wanted to try and do what I could to help others. So, all right,
[30:26.050 --> 30:26.930]  thanks.
